Category FILE
Started On 2014-07-11 22:02:10
Completed On 2014-07-11 22:04:14
Duration 124 seconds
Cuckoo Version 1.2-dev

Machine machine4
Label xpmachine4
Manager VirtualBox
Started On 2014-07-11 22:02:11
Shutdown On 2014-07-11 22:04:14

File Details

File name report_id_875893475983475934759384.exe
File size 128512 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 C5D3083C
MD5 c4431912dcffac482e2ead60cf33d1a8
SHA1 5218d4657ab3a317d67e83466e003e7c3becc2c9
SHA256 e363f63d4df5101666f06146fbf3c42e07f98ddfedd5797db680272ea9a852bc
SHA512 ac311a104c5cdd758ccc1b6d569c82a3b5d48fdac1e7e290155a1225b99f940b2313fbabd8bea9aabeca5d6d1a255543fc6cea470e405c9948e2503853aeb6ea
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2014-07-12 01:59:59
Detection Rate: 16/53

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Installs itself for autorun at Windows startup

Static Analysis

Version Infos

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\
Mutexes
Nothing to display.
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes


report_id_875893475983475934759384.exe PID: 984, Parent PID: 428

Volatility

Nothing to display.